Smartcards—A security assessment

Svigals, Jerome

doi:10.1016/0167-4048(94)90056-6

Cited by 10 publications

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…password generators for internet dialers) used to enable identity verification. However, presentation of a valid token does not prove ownership because it may have been stolen or duplicated by sophisticated fraudulent means (Svigals, 1994). Tokens also create problems of administration and are inconvenient for users to carry around.…”

Section: Authentication Approachesmentioning

confidence: 99%

Personalized cognitive passwords: an exploratory assessment

Lazar

Tikolsky

Glezer

et al. 2011

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

PurposeCognitive passwords are typically realized using “one size fits all” fact‐based or opinion‐based questions, and as such are prone to guessing attacks. The purpose of this paper is to propose a method of personalizing cognitive passwords to individual users, to close this loophole, and evaluate its performance against rigid cognitive passwords.Design/methodology/approachA personalized questionnaire formulated by the subjects was benchmarked against a rigid questionnaire in terms of recall and security. The evaluation employed two constructs used extensively in previous research, namely, Recall – the success in remembering a password, and Secrecy – the likelihood that the password cannot be guessed.FindingsWhile the experiment found that personalization increases the recall of cognitive passwords, it showed no improvement in secrecy (reducing guessing rates).Research limitations/implicationsThe study was conducted in an academic environment with young freshmen students thereby limiting external validity. Another problem might stem from the difference in the length of the questionnaires between groups in order to minimize drop‐out rates.Practical implicationsSecrecy was and still is the Achilles heel of the cognitive password mechanism and therefore the results imply that some restrictions should be imposed to prevent selection of over‐simplistic cognitive passwords.Originality/valueThis study is important because it is the first of its kind – benchmarking recall and secrecy of two types of cognitive authentication methods – rigid and personalized.

show abstract

Section: Authentication Approachesmentioning

confidence: 99%

Personalized cognitive passwords: an exploratory assessment

Lazar

Tikolsky

Glezer

et al. 2011

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

show abstract

“…Due to their complexity, smart tokens are more Most problems associated with tokens relate to their cost, administration, loss, and user dissatisfaction due to the inconvenience carrying them. In addition, presentation of a valid token does not prove ownership, as it may have been stolen or duplicated (Svigals, 1994).…”

Section: Possession-based Authenticationmentioning

confidence: 99%

Goals and Practices in Maintaining Information Systems Security

Erlich

Zviran

2010

International Journal of Information Security and Privacy

View full text Add to dashboard Cite

With the rapid growth of information systems and networks, security is a major concern of organizations. The main goals of information systems security are confidentially, integrity, and availability. The cornerstone of an organization’s security lies in designing, developing and implementing proper information systems’ security policy that balances security goals with the organization’s needs. In this paper, the authors discuss the goals of information systems security and the techniques to achieve them. Specifically, the paper focuses on access control and the various authentication approaches, as well as intrusion detection and prevention systems. As attacks become more frequent and devastating, ongoing research is required to adapt and improve security technologies and policies to reflect new modes of attack to keep information systems secure.

show abstract